Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/controller/PhabricatorConduitAPIController.php
Show First 20 Lines • Show All 255 Lines • ▼ Show 20 Lines | if ($auth_type === ConduitClient::AUTH_ASYMMETRIC) { | ||||
'trusted keys can be used to sign API calls.'), | 'trusted keys can be used to sign API calls.'), | ||||
); | ); | ||||
} | } | ||||
if (!PhabricatorEnv::isClusterRemoteAddress()) { | if (!PhabricatorEnv::isClusterRemoteAddress()) { | ||||
return array( | return array( | ||||
'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
pht( | pht( | ||||
'This request originates from outside of the Phabricator '. | 'This request originates from outside of the %s '. | ||||
'cluster address range. Requests signed with trusted '. | 'cluster address range. Requests signed with trusted '. | ||||
'device keys must originate from within the cluster.'), | 'device keys must originate from within the cluster.', | ||||
PhabricatorPlatformSite::getName()), | |||||
); | ); | ||||
} | } | ||||
$user = PhabricatorUser::getOmnipotentUser(); | $user = PhabricatorUser::getOmnipotentUser(); | ||||
// Flag this as an intracluster request. | // Flag this as an intracluster request. | ||||
$api_request->setIsClusterRequest(true); | $api_request->setIsClusterRequest(true); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 84 Lines • ▼ Show 20 Lines | if (strlen($token_string)) { | ||||
// If this is a "clr-" token, Phabricator must be configured in cluster | // If this is a "clr-" token, Phabricator must be configured in cluster | ||||
// mode and the remote address must be a cluster node. | // mode and the remote address must be a cluster node. | ||||
if ($token->getTokenType() == PhabricatorConduitToken::TYPE_CLUSTER) { | if ($token->getTokenType() == PhabricatorConduitToken::TYPE_CLUSTER) { | ||||
if (!PhabricatorEnv::isClusterRemoteAddress()) { | if (!PhabricatorEnv::isClusterRemoteAddress()) { | ||||
return array( | return array( | ||||
'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
pht( | pht( | ||||
'This request originates from outside of the Phabricator '. | 'This request originates from outside of the %s '. | ||||
'cluster address range. Requests signed with cluster API '. | 'cluster address range. Requests signed with cluster API '. | ||||
'tokens must originate from within the cluster.'), | 'tokens must originate from within the cluster.', | ||||
PhabricatorPlatformSite::getName()), | |||||
); | ); | ||||
} | } | ||||
// Flag this as an intracluster request. | // Flag this as an intracluster request. | ||||
$api_request->setIsClusterRequest(true); | $api_request->setIsClusterRequest(true); | ||||
} | } | ||||
$user = $token->getObject(); | $user = $token->getObject(); | ||||
▲ Show 20 Lines • Show All 378 Lines • Show Last 20 Lines |
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0